rekor secrets

Manage organization vault secrets

Subcommands

rekor secrets create

Store a vault secret (a string value, or a file via --file as base64)

  • --name — Secret name
  • --value — Secret value (plain string)
  • --file — Read the value from a file and base64-encode it (certificates, keystores, service account JSON)
  • --content-type — MIME type of the value (e.g. application/x-pkcs12)
  • --tags — Comma-separated tags

rekor secrets list

List vault secrets (values masked)

rekor secrets get

Get vault secret metadata (value masked)

rekor secrets rotate

Rotate a secret by installing a new caller-supplied value (from --value or --file)

  • --value — New secret value (plain string)
  • --file — Read the new value from a file and base64-encode it

rekor secrets delete

Delete a vault secret

  • -y, --yes — Skip confirmation prompt